Tuesday, June 28, 2011

Orkut Beware!

Hello Orkut Users,

I hope your endeavours for the goal of Social Networking are going on just fine! I composed this article to give a wake-up call to you as a user of Orkut, and to the Google-Orkut developers, about some of the threats both are facing or are already vulnerable to.

We have been using the Orkut social-networking website for many years. During all these years we have shared our precious thoughts, lovely snaps, informative web page links and cute scraps, which either you sent to your friends or they sent to you, asking your whereabouts and how you felt about a day or event in life. We joined various communities related to our interests and hobbies and created a few too, and sent quick-hush messages to our various friends. So today your profile is a sum total and a gold mine of all the personal details, quotes, innovative and creative ideas, as well as the capture of joyful and emotional moments in terms of galleries of pictures. Nice and cosy feelings, right?

You are sure that these matter in the same way to your friends and are therefore only available to them. And you thought you could never be wrong about it! You have all those nifty privacy settings at your command, so how can someone whom you don't know, and have never even heard of or seen in your life, know so much about you, and that too via your Orkut profile, which you cherish the most and think of as a digital fortress of a kind?

How will you respond if I tell you that this can be done, and that too without any ethical or unethical hacking? So let me first tell you how someone who one fine day decides to target you, knowing only your name and no other information, can know all about you in a matter of 20 minutes or less, depending upon the Internet access speed. Here you go, starting with 00:00 in {mm:ss} format on the time-line:

1. {00:00} The person creates a dummy GMail account and, through it, a dummy profile in Orkut with details that separate the person from any relation with it. (Let this profile be called PX.) This is done because, once PX visits a profile, it shows up in the "recent visitors" section of the home page of the user. A dummy GMail account is created because, if one used a personal e-mail address to create PX, then, as the target can search Orkut users by e-mail address, PX would reveal itself in a hit-and-trial search by e-mail id.

2. {05:00} PX uses the Orkut user search to search for your profile (henceforth, PU). Many profiles are returned, as there may be many users with the same name (homonyms). As PX knows your country, present location, sex, and a few of your friends and their names, PX zeroes in on PU in a jiffy!

3. {07:30} PX, even though not in PU's friend list, can suck all the information from PU in the next 12 and a half minutes. This is how it works!!

4. {07:31} Fact_1: The testimonial section of an Orkut_User is public and visible to all Orkut users. A privacy setting to control its visibility is absent.
PX accesses PU's testimonial section and, in a local file, creates a map (henceforth, TUM) of the users who submitted testimonials and the text content of each. This is done for all the testimonials present in PU. The TUM is very important data, as testimonials are only submitted by very close and important persons in PU's life. The user profiles in the TUM are visited on the basis of the testimonial text, and all the data present in their profiles is also copied into the map. The data received is used to cross-refer details about PU.

5. {09:30} Fact_2: The community section of an Orkut_User is public and visible to all Orkut users. A privacy setting to control its visibility is absent.
PX accesses PU's community section, opens each community page and, in a local file, creates a map of communities (henceforth, CM) and what each stands for. This is done for all the communities present in PU. The CM is very important data, as PU joins only those communities which fall into the following categories:
  1. PU's education: various Schools, Graduation and Post-graduation College, Stream specific, Courses joined, Certifications undertaken communities.
  2. PU's Hobbies and interests: Sport, Sport persons, Iconic personalities, I love ..., Competitive examinations, academic subjects and other related communities.
  3. PU's medical details: Blood group, Hair colour, Eye colour.
  4. PU's Time-Geographic info like the School Batch (year of pass out, location of school), College Batch (year of pass out, location of college), Location of Residence (Name of the city, town), Location of the company working in (Company community for the joiners of a particular year usually for the joining straight after college).
  5. PU's Birth details: Birth place, Birth date, Birth month, Birth year, Birth Zodiac sign communities.
  6. PU's Caste and Community details: Family name, caste, community, regional belonging, state, mother-tongue.
  7. PU's work details: Present working company, previous companies, special corporate groups, Technology working in, Field working in and various other communities.

6. {15:00} Fact_3: The friends section of an Orkut_User is public and visible to all Orkut users. A privacy setting to control its visibility is absent.
If PU has very little or almost no information in the testimonial and community sections, PX uses the more difficult but challenging approach and puts analytical skills to use. This is how! From PU's friend list, 10-20 random users are chosen and a map (FUM) is created. The community information from each entry in the FUM is parsed and an appropriate weightage is assigned to the communities joined by them, grouping them according to the categories in #5. This is done for all the entries in the FUM. After the iteration completes, from each category of communities the community with the highest weightage is chosen, and from it PU's information listed in #5 is inferred. This has a viable success rate of getting the correct information. For example, under the educational school communities, if a particular school community gets the highest weight, then that must be the school attended by PU. Similar logic applies for college, company working in, and others.

7. {18:30} Fact_4: The updates section of an Orkut_User in the new User Interface is public, and visible to all Orkut users, for the time range from the creation of the Orkut account until the date the individual visibility setting for each update and scrap was activated. A privacy setting to control its visibility is absent.
This is the easiest way to get to know all the details of the user. PX, while humming a favourite song, copies and creates a map (UUM) of the updates and the other users involved in each update, whether it be a scrap, a greeting or a friendship acceptance, everything with a precise timestamp. Well done!!! {20:00}

Now you can be sure that there are many, or at least PX, who know about you more than your best friend!!

Now, how to safeguard yourself from such attacks!! This is how!!! Follow these simple steps to safety!

1. First and foremost, the most dangerous part of the profile page is the communities section. As there is no way to hide the community list from non-friend members, visit the community pages which you think can provide the personal information given above and unjoin them.

2. The next revealing section is the "Testimonials" section. Remove all the testimonials, however much you cherish them. If you want to store the text, do that in a text file and save it with the date and the name of the person, but do not leave it public on the profile page.

3. The next most vulnerable section is the "my updates" section. Visit that section and look for a tiny image telling whether a particular update is public, friends only or private. If it is public, immediately remove the update if you think it reveals personal data, a personal conversation or a recent friend addition. A recent friend addition can give away the information of your current company, location and other analytical information.

4. Next is the photo section. Check that all the galleries containing personal photos are set to friends only or selected friends only!
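
A self-audit sketch for step 1, added here as an example and not part of the original post: it flags which of your own communities leak which category of detail, and which categories stay inferable from your friends' public communities (the approach in #6) even after you unjoin. The keyword table, function names and sample community names are all assumptions constructed for illustration.

```python
from collections import Counter

# Keyword hints per leak category, loosely following the community categories
# listed in the article. The keywords are assumptions made for this example.
CATEGORY_HINTS = {
    "education": ("school", "college", "university", "batch"),
    "birth": ("born in", "birthday", "zodiac"),
    "medical": ("blood group",),
    "work": ("employees", "joiners", "technologies"),
    "location": ("residents", "city", "town"),
    "identity": ("surname", "mother tongue", "caste"),
}

# Constructed sample data; names are invented, nothing is fetched from a site.
MY_COMMUNITIES = ["Example High School Batch 2003", "B+ Blood Group", "Leo Zodiac Club"]
FRIENDS_COMMUNITIES = {
    "friend_a": ["Example High School Batch 2003", "Acme Technologies Employees"],
    "friend_b": ["Example High School Batch 2003", "I love cricket"],
    "friend_c": ["Example High School Batch 2003", "Acme Technologies Employees",
                 "Sampletown Residents"],
    "friend_d": ["Other College Alumni"],
}

def categorize(name):
    """Return the leak categories whose keywords appear in a community name."""
    low = name.lower()
    return [c for c, hints in CATEGORY_HINTS.items() if any(h in low for h in hints)]

def own_exposure(my_communities):
    """Category -> communities on my own profile that reveal it (unjoin these)."""
    exposed = {}
    for comm in my_communities:
        for cat in categorize(comm):
            exposed.setdefault(cat, []).append(comm)
    return exposed

def residual_exposure(friends_communities, min_share=0.5):
    """Category -> (community, count) joined by >= min_share of friends."""
    counts = Counter()
    for comms in friends_communities.values():
        counts.update(set(comms))
    result = {}
    for comm, k in sorted(counts.items()):
        if k / len(friends_communities) >= min_share:
            for cat in categorize(comm):
                result.setdefault(cat, []).append((comm, k))
    return result

print(own_exposure(MY_COMMUNITIES), residual_exposure(FRIENDS_COMMUNITIES))
```

Anything listed by `residual_exposure` cannot be hidden by unjoining alone, because it comes from what your friends' profiles show publicly.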


Happy Orkutting!
